CVE-2026-36727
CVE-2026-36727 affects bookcars version 8.3. An insecure authentication vulnerability exists in the /api/social-sign-in endpoint that allows bypassing authentication by forged JWT tokens. The issue is documented across multiple feeds (NVD, Red Hat, CVE records) with no explicit exploit details or...
CVE-2026-36723
CVE-2026-36723 affects bookcars v8.3. An unrestricted file rename vulnerability in the /api/create-user component allows authenticated attackers to exploit directory traversal to move files from temporary storage to arbitrary locations on the server filesystem, enabling unauthorized access to sen...
CVE-2026-36726
The CVE-2026-36726 entry describes an arbitrary file deletion vulnerability in bookcars v8.3, exposed at the /api/delete-temp-license/{file} endpoint. The issue allows unauthenticated attackers to delete arbitrary files by supplying directory traversal sequences. The CVSS v3.1 vector indicates Ne...
CVE-2026-36719
AgentChat v2.3.0 contains an information disclosure vulnerability in the /api/v1/user/info endpoint. The flaw allows unauthenticated attackers to enumerate user IDs and access sensitive data, including SHA-256 password hashes. Publicly available documents do not provide a confirmed root cause or ...
CVE-2026-36725
CVE-2026-36725 describes a markdown-based cross-site scripting (XSS) vulnerability in the FastapiAdmin package, specifically affecting v2.2.0. The issue resides in the /system/notice/create endpoint where an attacker can inject a crafted payload into the notice_content parameter to execute arbitr...
CVE-2026-39170
CVE-2026-39170 affects SemCms 5.0 and is described as a Cross Site Request Forgery (CSRF) vulnerability triggered by a crafted POST request to /admin/semcms_user.php. The connected documents provide the affected product and the vulnerability class but do not include detailed exploit steps, affect...
CVE-2026-36724
FastapiAdmin v2.2.0 contains an uncaught exception in the /application/job/update/{id} endpoint. When an authenticated user with the module_task:job:update permission manipulates the func field of scheduled tasks, a DoS can be triggered. The CVE details the vulnerable component and the attack sce...
CVE-2026-36722
CVE-2026-36722 is an authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3. The issue allows an attacker with valid credentials to upload a crafted file and potentially execute arbitrary code. All documented sources describe the same vulnerabili...
CVE-2026-36808
CVE-2026-36808 affects Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10. The issue is a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function, leading to Denial of Service via a crafted HTTP request. Connected sources (Red Hat, NVD, CVE lists) confirm the sa...
CVE-2025-52292
GPAC MP4Box v2.4 is affected by a stack buffer overflow in the filein_process function (in_file.c), enabling a Denial of Service when processing a crafted MP4 file. The issue stems from a vulnerability in the handling of input data, with the impact described as HIGH availability risk and CVSS 3.1...
CVE-2023-43686
CVE-2023-43686 affects Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). The issue arises when parsing a large number of Firefox preference files, which can cause the parser to ignore other browser configuration files, resulting in a denial of service. The connected sources confirm the ...
CVE-2025-55657
GPAC MP4Box v2.4 is affected by a NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c), leading to Denial of Service when processing a crafted MP4 file. The issue’s root cause is in the handling of ODF VVC descriptor writes; exploitation details are not provided in...
CVE-2025-55659
CVE-2025-55659 describes a NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4. The underlying issue in the MP4 container code allows an attacker to trigger a denial-of-service by feeding a crafted MP4 file. The available sources confirm the vuln...
CVE-2026-36818
CVE-2026-36818 records a buffer overflow in Shenzhen Tenda Technology Co., Ltd’s Tenda W20E (v15.11.0.6) in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability enables a Denial of Service via a crafted HTTP request. The root cause, as reported across s...
CVE-2026-38615
CVE-2026-38615 affects DedeCMS v5.7.118 with a command execution vulnerability in file_manage_control.php. Public sources confirm the issue but do not provide detailed exploitation steps or concrete remediation in the supplied documents. The CVSSv3.1 metrics indicate a high-severity, network-expl...
CVE-2026-36806
The vulnerability CVE-2026-36806 affects Shenzhen Tenda Technology Co., Ltd. Tenda W15E running v15.11.0.10. A buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function allows an attacker to trigger a Denial of Service via a crafted HTTP request. What is affected: W15E...
CVE-2026-36823
Summary: CVE-2026-36823 affects Shenzhen Tenda Technology Co., Ltd. Tenda W20E, version v15.11.0.6. A buffer overflow in the webAuthUserInfo parameter of the function formAddWebAuthUser can cause a Denial of Service (DoS) via a crafted HTTP request. The published metrics indicate a CVSS v3.1 base...
CVE-2026-36820
CVE-2026-36820 affects Shenzhen Tenda Technology Co., Ltd. Tenda W20E v15.11.0.6. A buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function is described, enabling a crafted HTTP request to trigger a Denial of Service (DoS). No exploitation details, affected v...
CVE-2026-36799
CVE-2026-36799 affects Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5. The Red Hat/NVD entries describe a buffer overflow in the portalAuth parameter of the formPortalAuth function, leading to Denial of Service via a crafted HTTP request. The exploitation details, affected version, and ro...
CVE-2026-36800
CVE-2026-36800 affects Shenzhen Tenda Technology Co. Ltd. Tenda G0 firmware v15.11.0.5, where a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function can be triggered to cause a Denial of Service via a crafted HTTP request. Evidence across sources confirms the affec...
CVE-2026-36794
CVE-2026-36794 affects Shenzhen Tenda Technology Co. Ltd. Tenda W3 Wireless Router v1.0.0.3(2204). The issue is multiple stack overflows in the R7WebsSecurityHandler function triggered via username and password parameters, leading to Denial of Service (DoS) through a crafted HTTP request. Connect...
CVE-2026-36813
CVE-2026-36813 affects Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10. A buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function enables a Denial of Service via a crafted HTTP request. Affected component: WewifiPic handling in W15E firmware. Root cause:...
CVE-2026-36815
The issue: Shenzhen Tenda Technology Co. W15E (firmware v15.11.0.10) contains a buffer overflow in the hostname parameter of the function formSetNetCheckTools. Root cause: unvalidated/overlong hostname input leads to memory corruption. Impact: Denial of Service via a crafted HTTP request (no auth...
CVE-2026-36793
CVE-2026-36793 affects Shenzhen Tenda Technology Co., Ltd. Tenda W3 Wireless Router v1.0.0.3(2204). The vulnerability is due to multiple stack overflows in the formwrlSSIDset function triggered via the mit_ssid and mis_ssid_index parameters, allowing an attacker to cause a Denial of Service with ...
CVE-2026-36802
CVE-2026-36802 affects Shenzhen Tenda Technology Co. PW201A v1.0.5. The issue is a buffer overflow in the page parameter of the SafeMacFilter function, enabling a crafted HTTP request to trigger a Denial of Service. All connected sources (Red Hat, NVD, CVE listings, CVE pages, and vuln enrichm...
CVE-2026-36720
CVE-2026-36720 describes insecure permissions in bookcars v8.3 that allow an authenticated user to escalate privileges from user to admin by modifying their user type. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) yields a base score of 8.1 (HIGH), indicating a high impact on confid...
CVE-2026-49146
Technical details for CVE-2026-49146 are not publicly available in the provided documents. The connected OpenSUSE/OSV entries reference fixes in ack-3.10.0-1.1 but do not reveal specific vulnerability data. Monitor for updates.
CVE-2026-36797
The vulnerability CVE-2026-36797 affects Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5. A stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function can be triggered by a crafted HTTP request, leading to Denial of Service. The available connected documents do not...
CVE-2026-36771
CVE-2026-36771 affects Shenzhen Tenda Technology Co. Ltd. Tenda W3 Wireless Router v1.0.0.3(2204). The vulnerability is a stack overflow in the wl_radio parameter within the formwrlSSIDset function, which can cause a Denial of Service (DoS) under crafted input. The CVSS 3.1 vector indicates NETWO...
CVE-2026-10797
CVE-2026-10797 is tied to vulnerable third‑party UEFI shim bootloaders signed by the Microsoft UEFI CA 2011, identified by CERT and vendor disclosures. Affected shim versions (notably Red Hat Enterprise Linux/CentOS 7.2 shim loaders in upstream reports) may allow a BYOVD-style attacker to bypass ...
CVE-2026-36778
CVE-2026-36778 affects Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180). The advisory states a stack overflow in the username parameter of the R7WebsSecurityHandler function, enabling an attacker to cause a Denial of Service via a crafted HTTP request. The Red Hat and NV...
CVE-2026-36822
CVE-2026-36822 affects Shenzhen Tenda Technology Co., Ltd. Tenda W20E v15.11.0.6. The issue is a buffer overflow in the macAddr parameter of the formDelStaState function, enabling a Denial of Service via a crafted HTTP request. No exploitation specifics or mitigations are provided in the document...
CVE-2026-36796
CVE-2026-36796 affects Shenzhen Tenda Technology Co., Ltd Tenda G0 firmware v15.11.0.5. The issue is a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function, enabling a remote attacker to trigger Denial of Service via a crafted HTTP request. CVSS v3.1 metrics indicat...
CVE-2026-36807
The CVE relates to Shenzhen Tenda Technology Co., Ltd. Tenda W15E (firmware v15.11.0.10). An input validation flaw in the webAuthUserPwd parameter of the formAddWebAuthUser function allows a crafted HTTP request to trigger a buffer overflow, resulting in Denial of Service (DoS). According to the ...
CVE-2026-36817
CVE-2026-36817 affects Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10. The issue is a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function, which can be triggered by a crafted HTTP request to cause a Denial of Service (DoS). The CVSS v3.1 vector...
CVE-2026-36798
CVE-2026-36798 affects Shenzhen Tenda Technology Co., Ltd. Tenda G0 v15.11.0.5. The issue consists of multiple stack overflows in the formSetDebugCfgr function triggered via the enable, level, and module parameters. This leads to Denial of Service (DoS) when processing crafted HTTP requests. The ...
CVE-2026-0194
openSUSE issued Chromium 149.0.7827.53 and Chromedriver builds to fix CVE-2026-0194 (and CVE-2026-10958) for Backports SLE-15-SP7 and Tumbleweed. The connected doc confirms remediation exists; no root-cause or exploit details are provided in the sources. Update to the mentioned Chromium/Chromedri...
CVE-2026-36801
CVE-2026-36801 concerns Shenzhen Tenda Technology Co., Ltd. Tenda G0 firmware v15.11.0.5, where a buffer overflow in the IPMacBindRule parameter of the formIPMacBindAdd function can be triggered by a crafted HTTP request, leading to a Denial of Service. Affected component/trigger: the vulnerable ...
CVE-2026-36811
CVE-2026-36811 affects Shenzhen Tenda Technology Co., Ltd. — Tenda W15E v15.11.0.10. The issue is a buffer overflow in the picName parameter of the formDelwebAuthPic function, which leads to a Denial of Service (DoS) via a crafted HTTP request. Exploitation details are not provided in the availab...
CVE-2026-36816
Affected product: Shenzhen Tenda Technology Co., Ltd Tenda W15E (firmware v15.11.0.10). Vulnerability: buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. Impact: enables an attacker to cause a Denial of Service (DoS) via a crafted HTTP request. Root cause...
CVE-2026-36819
The CVE covers Shenzhen Tenda Technology Co., Ltd Tenda W20E devices (v15.11.0.6). A buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function is reported, enabling a DoS through a crafted HTTP request. Affected component: W20E firmware; underlying issue: improper input handli...
CVE-2026-36810
CVE-2026-36810 concerns Shenzhen Tenda Technology Co., Ltd. Tenda W15E (v15.11.0.10). A buffer overflow is reported in the gotoUrl parameter of the formPortalAuth function, enabling a Denial of Service (DoS) via a crafted HTTP request. The available documents consistently describe this vulnerabil...
CVE-2026-36772
CVE-2026-36772 affects the Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204). The vulnerability is a stack overflow in the wl_radio parameter of the formwrlSSIDget function, leading to Denial of Service. This is the reported root cause and affected component. No patch/ver...
CVE-2026-36792
CVE-2026-36792 affects Shenzhen Tenda Technology Co. Ltd. Tenda W3 Wireless Router v1.0.0.3(2204). A stack overflow in the wl_radio parameter of the formWifiRadioSet function can cause a Denial of Service via a crafted HTTP request. The entry notes a CVSSv3.1 base score of 7.5 (HIGH) with network...
CVE-2026-36791
CVE-2026-36791 affects Shenzhen Tenda Technology Co., Ltd. Tenda O3v3 v1.0.0.5, where a stack overflow in the save_list_data parameter of the formSetCfm function could allow a crafted HTTP request to cause a Denial of Service. Affected component: the save_list_data handling within formS...
CVE-2026-39169
CVE-2026-39169 affects SEMCMS 5.0, with a vulnerability in SEMCMS_copy.php that permits unauthorized access. Reports across NVD/CVE lists describe the issue as unauthorized access in SEMCMS_copy.php; no product version details beyond SEMCMS 5.0 are provided. CVSS v3.1 shows impact primarily on conf...
CVE-2026-47735
CVE-2026-47735 is associated with Arc’s authenticated local-file read via DuckDB I/O functions bypassing RBAC table-level checks. The GHSA advisory details how read_csv_auto, read_csv, read_json, read_text, glob, parquet_metadata, and related DuckDB I/O functions are not blocked by initial valida...
CVE-2026-47726
The connected GitHub advisory for nebula-mesh (GHSA-QM33-P5P9-F8VG) documents a security issue where the GET /api/v1/audit-log endpoint does not perform an admin check. Any operator API key can retrieve the full audit log (up to limit), exposing tenant-specific data such as actor names, host/oper...
CVE-2026-11701
The CVE-2026-11701 entry describes an insecure implementation in Chrome’s Guest View prior to version 149.0.7827.103, enabling a remote attacker to perform UI spoofing via a crafted HTML page. Affected software: Google Chrome (Guest View component). Root cause: inappropriate/defective Guest View ...
CVE-2026-11699
CVE-2026-11699: Use-after-free in Bluetooth in Google Chrome on macOS before 149.0.7827.103. This allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Impact: high. Remediation: upgrade to Chrome 149.0.7827.103 or later (as referenced by the Chrome release not...